Understanding and Implementing Password Best Practices

A strong password is all about complexity and length. The longer and more complex a password is, the better. Just be sure that end-users don't fall into the age-old trap of using the same password for different sites, using familiar phrases, or even writing them down and storing the notes in easy-to-access locations. Password fatigue is a real issue these days, so be sure to help your users pick and manage their passwords as effectively as possible.

No matter the industry and its regulatory requirements, here are some sound building blocks that you should have in place to help make sure that your users' passwords are as secure as they can be:

  • Minimum Password Length: The more characters the better - 8 just doesn't cut it anymore.
  • Password Complexity: A combination of upper and lower case letters, numbers, and special characters adds complexity.
  • Password Expiration: Passwords should expire at regular intervals (e.g. 1, 2, or 3 months).
  • Non Repeating Passwords: Once they've expired they should stay expired and not be used again.
  • Password Hashing: Don't allow prying eyes to see what's being typed.
  • Failed Login Attempts: Once a user has hit a specific number of failed attempts, the account and password should be locked out.

Contact us today to find out how PortalGuard can help you make sure that you are fully compliant and able to effectively administer your password policy.
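
The building blocks listed above can be enforced together in one place. The following is an added example, not PortalGuard's code or part of the original article: a minimal policy check that stores only salted hashes, so earlier passwords can be compared without being kept in readable form. The 12-character minimum, the limit of 5 failed attempts, the PBKDF2 settings and all names (`Account`, `complexity_errors`) are assumptions; the 90-day expiry follows the article's 3-month example.

```python
import hashlib, hmac, os, re
from datetime import datetime, timedelta

# Assumed policy values; only the 90-day expiry mirrors the article's example.
MIN_LENGTH, MAX_FAILED, ITERATIONS = 12, 5, 600_000
MAX_AGE = timedelta(days=90)

def _hash(password, salt):
    # Salted, deliberately slow hash: the stored value does not reveal the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def complexity_errors(password):
    """Return the length and complexity rules a candidate password breaks."""
    rules = [
        (len(password) >= MIN_LENGTH, "too short"),
        (re.search(r"[a-z]", password), "no lower-case letter"),
        (re.search(r"[A-Z]", password), "no upper-case letter"),
        (re.search(r"\d", password), "no number"),
        (re.search(r"[^A-Za-z0-9]", password), "no special character"),
    ]
    return [msg for ok, msg in rules if not ok]

class Account:
    def __init__(self):
        self.history = []       # every (salt, hash) ever set, newest last
        self.changed_at = None  # when the current password was set
        self.failed = 0         # consecutive failed logins

    def set_password(self, password, now):
        errors = complexity_errors(password)
        # Non-repeating: reject anything that matches a previously used password.
        if any(hmac.compare_digest(_hash(password, s), h) for s, h in self.history):
            errors.append("previously used")
        if errors:
            return errors
        salt = os.urandom(16)
        self.history.append((salt, _hash(password, salt)))
        self.changed_at, self.failed = now, 0
        return []

    def login(self, password, now):
        if self.failed >= MAX_FAILED:
            return "locked"     # stays locked even if the right password follows
        if not self.history:
            return "denied"
        salt, digest = self.history[-1]
        if not hmac.compare_digest(_hash(password, salt), digest):
            self.failed += 1
            return "locked" if self.failed >= MAX_FAILED else "denied"
        self.failed = 0
        return "expired" if now - self.changed_at > MAX_AGE else "ok"
```

A locked account in this sketch stays locked until an administrator resets `failed`; a real deployment would add its own unlock or reset procedure.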